CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In November 2017

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2017-1000198 119 DoS Overflow 2017-11-17 2017-12-02
5.0
None Remote Low Not required None None Partial
tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid memory references in the handler_glfs.so handler resulting in denial of service
52 CVE-2017-1000197 417 2017-11-17 2020-08-03
7.5
None Remote Low Not required Partial Partial Partial
October CMS build 412 is vulnerable to file path modification in asset move functionality resulting in creating creating malicious files on the server.
53 CVE-2017-1000196 94 Exec Code 2017-11-17 2020-08-03
7.5
None Remote Low Not required Partial Partial Partial
October CMS build 412 is vulnerable to PHP code execution in the asset manager functionality resulting in site compromise and possibly other applications on the server.
54 CVE-2017-1000195 502 2017-11-17 2020-08-03
6.4
None Remote Low Not required None Partial Partial
October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in ability to delete files limited by file permissions on the server.
55 CVE-2017-1000194 434 2017-11-17 2020-08-03
7.5
None Remote Low Not required Partial Partial Partial
October CMS build 412 is vulnerable to Apache configuration modification via file upload functionality resulting in site compromise and possibly other applications on the server.
56 CVE-2017-1000193 79 Exec Code XSS 2017-11-17 2020-08-03
4.3
None Remote Medium Not required None Partial None
October CMS build 412 is vulnerable to stored WCI (a.k.a XSS) in brand logo image name resulting in JavaScript code execution in the victim's browser.
57 CVE-2017-1000192 File Inclusion 2017-11-17 2019-10-03
5.0
None Remote Low Not required Partial None None
Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File Inclusion in the functionality of javascript files inclusion. The attacker can read the configuration files that contain the login and password from the database, private encryption key, as well as other sensitive information.
58 CVE-2017-1000191 400 2017-11-17 2017-12-04
7.8
None Remote Low Not required None None Complete
Jool 3.5.0-3.5.1 is vulnerable to a kernel crashing packet resulting in a DOS.
59 CVE-2017-1000190 611 2017-11-17 2019-07-23
6.4
None Remote Low Not required Partial None Partial
SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability resulting SSRF, information disclosure, DoS and so on.
60 CVE-2017-1000189 20 2017-11-17 2017-11-30
5.0
None Remote Low Not required None None Partial
nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in the ejs.renderFile()
61 CVE-2017-1000188 79 XSS 2017-11-17 2017-11-30
4.3
None Remote Medium Not required None Partial None
nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile() resulting in code injection
62 CVE-2017-1000187 119 Overflow 2017-11-17 2017-11-27
4.3
None Remote Medium Not required None None Partial
In SWFTools, an address access exception was found in pdf2swf. FoFiTrueType::writeTTF()
63 CVE-2017-1000186 119 Overflow 2017-11-17 2017-11-27
4.3
None Remote Medium Not required None None Partial
In SWFTools, a stack overflow was found in pdf2swf.
64 CVE-2017-1000185 119 Overflow 2017-11-17 2017-11-27
4.3
None Remote Medium Not required None None Partial
In SWFTools, a memcpy buffer overflow was found in gif2swf.
65 CVE-2017-1000182 772 2017-11-17 2019-10-03
4.3
None Remote Medium Not required None None Partial
In SWFTools, a memory leak was found in wav2swf.
66 CVE-2017-1000176 119 Overflow 2017-11-17 2017-11-27
4.3
None Remote Medium Not required None None Partial
In SWFTools, a memcpy buffer overflow was found in swfc.
67 CVE-2017-1000174 119 Overflow 2017-11-17 2017-11-27
4.3
None Remote Medium Not required None None Partial
In SWFTools, an address access exception was found in swfdump swf_GetBits().
68 CVE-2017-1000173 125 Exec Code Overflow 2017-11-17 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
Creolabs Gravity Version: 1.0 Heap Overflow Potential Code Execution. By creating a large loop whiling pushing data to a buffer, we can break out of the bounds checking of that buffer. When list.join is called on the data it will read past a buffer resulting in a Heap-Buffer-Overflow.
69 CVE-2017-1000172 416 Exec Code 2017-11-17 2017-11-30
7.5
None Remote Low Not required Partial Partial Partial
Creolabs Gravity Version: 1.0 Use-After-Free Possible code execution. An example of a Heap-Use-After-Free after the 'sublexer' pointer has been freed. Line 542 of gravity_lexer.c. 'lexer' is being used to access a variable but 'lexer' has already been freed, creating a Heap Use-After-Free condition.
70 CVE-2017-1000171 532 2017-11-03 2017-11-22
5.0
None Remote Low Not required Partial None None
Mahara Mobile before 1.2.1 is vulnerable to passwords being sent to the Mahara access log in plain text.
71 CVE-2017-1000170 22 Dir. Trav. 2017-11-17 2021-03-25
5.0
None Remote Low Not required Partial None None
jqueryFileTree 2.1.5 and older Directory Traversal
72 CVE-2017-1000169 20 Exec Code 2017-11-17 2017-12-02
10.0
None Remote Low Not required Complete Complete Complete
QuickerBB version <= 0.7.2 is vulnerable to arbitrary file writes which can lead to remote code execution. This can lead to the complete takeover of the server hosting QuickerBB.
73 CVE-2017-1000168 2017-11-17 2019-10-03
4.3
None Remote Medium Not required Partial None None
sodiumoxide 0.0.13 and older scalarmult() vulnerable to degenerate public keys
74 CVE-2017-1000164 79 Exec Code XSS 2017-11-17 2017-11-29
3.5
None Remote Medium ??? None Partial None
Tine 2.0 version 2017.02.4 is vulnerable to XSS in the Addressbook resulting code execution and privilege escalation
75 CVE-2017-1000163 601 2017-11-17 2017-12-03
5.8
None Remote Medium Not required Partial Partial None
The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1.6, 1.2.0, 1.2.2 and 1.3.0-rc.0 are vulnerable to unvalidated URL redirection, which may result in phishing or social engineering attacks.
76 CVE-2017-1000160 79 XSS 2017-11-17 2020-07-06
3.5
None Remote Medium ??? None Partial None
EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection
77 CVE-2017-1000159 78 2017-11-27 2019-10-03
4.6
None Local Low Not required Partial Partial Partial
Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91.
78 CVE-2017-1000158 190 Exec Code Overflow 2017-11-17 2022-06-27
7.5
None Remote Low Not required Partial Partial Partial
CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)
79 CVE-2017-1000157 200 +Info 2017-11-03 2017-11-13
3.5
None Remote Medium ??? Partial None None
Mahara 15.04 before 15.04.13 and 16.04 before 16.04.7 and 16.10 before 16.10.4 and 17.04 before 17.04.2 are vulnerable to recording plain text passwords in the event_log table during the user creation process if full event logging was turned on.
80 CVE-2017-1000156 269 2017-11-03 2019-10-03
5.5
None Remote Low ??? Partial Partial None
Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to a group's configuration page being editable by any group member even when they didn't have the admin role.
81 CVE-2017-1000155 200 +Info 2017-11-03 2017-11-13
4.0
None Remote Low ??? Partial None None
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to profile pictures being accessed without any access control checks consequently allowing any of a user's uploaded profile pictures to be viewable by anyone, whether or not they were currently selected as the "default" or used in any pages.
82 CVE-2017-1000154 287 2017-11-03 2017-11-13
7.5
None Remote Low Not required Partial Partial Partial
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to some authentication methods, which do not use Mahara's built-in login form, still allowing users to log in even if their institution was expired or suspended.
83 CVE-2017-1000153 732 2017-11-03 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
Mahara 15.04 before 15.04.10 and 15.10 before 15.10.6 and 16.04 before 16.04.4 are vulnerable to incorrect access control after the password reset link is sent via email and then user changes default email, Mahara fails to invalidate old link.Consequently the link in email can be used to gain access to the user's account.
84 CVE-2017-1000152 2017-11-03 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 running PHP 5.3 are vulnerable to one user being logged in as another user on a separate computer as the same session ID is served. This situation can occur when a user takes an action that forces another user to be logged out of Mahara, such as an admin changing another user's account settings.
85 CVE-2017-1000151 200 +Info 2017-11-03 2017-11-13
5.0
None Remote Low Not required Partial None None
Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to passwords or other sensitive information being passed by unusual parameters to end up in an error log.
86 CVE-2017-1000150 384 2017-11-03 2017-11-13
6.5
None Remote Low ??? Partial Partial Partial
Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 are vulnerable to prevent session IDs from being regenerated on login or logout. This makes users of the site more vulnerable to session fixation attacks.
87 CVE-2017-1000149 79 XSS 2017-11-03 2017-11-15
3.5
None Remote Medium ??? None Partial None
Mahara 1.10 before 1.10.9 and 15.04 before 15.04.6 and 15.10 before 15.10.2 are vulnerable to XSS due to window.opener (target="_blank" and window.open())
88 CVE-2017-1000148 502 Exec Code 2017-11-03 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to PHP code execution as Mahara would pass portions of the XML through the PHP "unserialize()" function when importing a skin from an XML file.
89 CVE-2017-1000147 352 CSRF 2017-11-03 2017-11-15
6.0
None Remote Medium ??? Partial Partial Partial
Mahara 1.9 before 1.9.8 and 1.10 before 1.10.6 and 15.04 before 15.04.3 are vulnerable to perform a cross-site request forgery (CSRF) attack on the uploader contained in Mahara's filebrowser widget. This could allow an attacker to trick a Mahara user into unknowingly uploading malicious files into their Mahara account.
90 CVE-2017-1000146 79 XSS 2017-11-03 2017-11-15
3.5
None Remote Medium ??? None Partial None
Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to the arbitrary execution of Javascript in the browser of a logged-in user because the title of the portfolio page was not being properly escaped in the AJAX script that updates the Add/remove watchlist link on artefact detail pages.
91 CVE-2017-1000145 2017-11-03 2019-10-03
4.0
None Remote Low ??? None Partial None
Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to anonymous comments being able to be placed on artefact detail pages even when the site administrator had disallowed anonymous comments.
92 CVE-2017-1000144 79 XSS 2017-11-03 2017-11-15
3.5
None Remote Medium ??? None Partial None
Mahara 1.9 before 1.9.6 and 1.10 before 1.10.4 and 15.04 before 15.04.1 are vulnerable to a site admin or institution admin being able to place HTML and Javascript into an institution display name, which will be displayed to other users unescaped on some Mahara system pages.
93 CVE-2017-1000143 200 +Info 2017-11-03 2017-11-15
4.0
None Remote Low ??? Partial None None
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users receiving watchlist notifications about pages they do not have access to anymore.
94 CVE-2017-1000142 2017-11-03 2019-10-03
5.5
None Remote Low ??? None Partial Partial
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users being able to delete their submitted page through URL manipulation.
95 CVE-2017-1000140 79 Exec Code XSS 2017-11-03 2017-11-15
3.5
None Remote Medium ??? None Partial None
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .xml file that can have its code executed when user tries to download the file.
96 CVE-2017-1000139 918 2017-11-03 2017-11-15
6.0
None Remote Medium ??? Partial Partial Partial
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to server-side request forgery attacks as not all processes of curl redirects are checked against a white or black list. Employing SafeCurl will prevent issues.
97 CVE-2017-1000138 79 XSS 2017-11-03 2017-11-15
3.5
None Remote Medium ??? None Partial None
Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when dragging/dropping files into a collection if the file has Javascript code in its title.
98 CVE-2017-1000137 79 XSS 2017-11-03 2017-11-15
3.5
None Remote Medium ??? None Partial None
Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when adding a text block to a page via the keyboard (rather than drag and drop).
99 CVE-2017-1000136 613 2017-11-03 2017-11-15
4.3
None Remote Medium Not required None Partial None
Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable to old sessions not being invalidated after a password change.
100 CVE-2017-1000135 613 2017-11-03 2017-11-15
4.0
None Remote Low ??? None Partial None
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable as logged-in users can stay logged in after the institution they belong to is suspended.
Total number of vulnerabilities : 1068   Page : 1 2 (This Page)3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.